Google Doodle Exploited for Malware Distribution

According to a warning issued by the security company Barracuda Networks on December 15, 2009, Internet scammers are exploiting people's enthusiasm for Google Doodles to disseminate malicious software. A Google Doodle is a graphic that frequently takes the place of the Google logo to mark important occasions or holidays.

On December 15, 2009, the doodle displayed a banner for Esperanto, a universal language created by L.L. Zamenhof and based in part on various languages. A user who clicks the doodle, which sits close to the box where search terms are entered, would find numerous keywords related to L.L. Zamenhof. Running searches on those keywords, Barracuda research scientist Dave Michmerhuizen discovered that 31 of the first 100 search results were poisoned websites, with 27 of them appearing within the first 50 results alone. CNet News reported this on December 15, 2009.

Michmerhuizen said that the first page of search results was found to contain a link taking users to a hijacked site, which redirects them to a rogue anti-virus website. That website displays a false warning that the visitor's PC is infected and, after running a bogus scan, urges the user to buy the anti-virus software, Michmerhuizen explained.

According to the researcher, search result poisoning is nothing new. Michmerhuizen further noted that this phenomenon occurs every now and then, PCWorld reported on December 15, 2009. However, in the case of the Google Doodle, the search is triggered by clicking Google's logo, and it returns results from websites that contain 50% compromised links.

However, according to a spokesperson for Google, the Internet giant had removed several of the rogue websites from the search results using automated and manual processes.

He said that the use of well-known search phrases by malware purveyors is not exclusive to any one search engine, nor is it a new medium of attack. He further said that Google strived to safeguard its users from malicious software and that any use of a Google product to serve malware is a violation of its product policies.

In the meantime, security specialists stated that scammers exploiting the Google Doodle represented the newest instance of Google search result manipulation, following the use of SEO tactics that push malicious websites among the top search results in Google.